When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 02:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-08-10 16:29
Updated : 2024-02-28 16:04
NVD link : CVE-2016-6794
Mitre link : CVE-2016-6794
CVE.ORG link : CVE-2016-6794
JSON object : View
Products Affected
netapp
- oncommand_shift
- snap_creator_framework
- oncommand_insight
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- jboss_enterprise_web_server
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_workstation
oracle
- tekelec_platform_distribution
debian
- debian_linux
apache
- tomcat
canonical
- ubuntu_linux
CWE